SLAM! Internet attacks..cyber terror..what's next?

[Anonymous]

If Microsoft didn't suck so much hackers would have to work so hard it wouldn't be worth making viruses and worms in the first place. That's why I prefer Macintosh and Linux machines.

[kakkarot]

yeah, after all, with linux you don't need a virus: linux will destroy your system for you.

as for the ability to do so much internet damage, i knew, as did most others who were interested in hackers, years ago that there were dozens of individual hackers who could take down the ENTIRE internet on their own. and believe me, it isn't hard.

~kakkarot

[PeacefulWarrior]

Worm did dirty work at record-fast pace
Bloomberg Business News
SAN DIEGO -- Slammer was the fastest computer worm ever, researchers say, spreading to more than 67,000 computers around the world in 10 minutes on Jan. 25, closing bank machines, delaying flights and slowing Internet traffic.

The worm, a string of computer code that took advantage of a flaw in Microsoft Corp.'s server software, doubled in size every 8.5 seconds during the first minute, according to research published by the Cooperative Association for Internet Data Analysis. In contrast, the Code Red worm took 37 minutes -- or more than 250 times as long -- to double, when it appeared in 2001.

Worms are similar to computer viruses in that both types of malicious code make copies of themselves. Worms propagate by attacking a system, while a virus spreads through the exchange of files. Once Slammer infected a computer, it scanned the Internet and sent copies of itself to other vulnerable servers.

Within 10 minutes, Slammer was able to scan 3.6 billion of the world's roughly 4 billion Internet addresses to seek out potential targets, Moore said.

The worm, also called Sapphire, looked for vulnerable computers at a pace of 55 million a second within three minutes of its appearance, slowing only because so much of the worldwide computer network lacked the capacity to allow it to spread as quickly as it could.

Half of all Internet signals weren't reaching their destination at the height of the attack.

[Anonymous]

Isn't technology wonderful? Hey if I were a hacker and the world ticked me off I'd probably do the same thing. I think we could use them for my starship (which will be built many years from now).

[Adrian]

Greetings everyone,

quote:Originally posted by PeacefulWarrior

Worm did dirty work at record-fast pace
Bloomberg Business News
SAN DIEGO -- Slammer was the fastest computer worm ever, researchers say, spreading to more than 67,000 computers around the world in 10 minutes on Jan. 25, closing bank machines, delaying flights and slowing Internet traffic.

The Astral Pulse server was hit by the "SQL Slammer" worm within a couple of minutes of its release into the "wild". It was one of the most devastating attacks ever on the Internet.  My hosting company unplugged my server from the Internet because it was generating so much traffic as a result of the worm  - it was trying to send 68Gbs of data through their routers. It wasn't until much later in the day the SQL Slammer attack on the net became apparent.

Operating a server is a definite risk. People say why didn't you do this or do that, but the fact is I spend an enormous amount of my time administering the Astral Pulse and its server, and it is almost impossible to account for every eventuality. If someone is intent of causing that level of havoc on the Internet they will do it anyway.

All we can do is to take all known precautions, and fix everything else as we go along.

Thank you everyone for your understanding while the Astral Pulse was offline while I fixed it.

With best regards,

Adrian.

[PeacefulWarrior]

This stuff is SCARY...just this last weekend there was the "Slammer" attack virus that infected a bunch of computers and hurt gov't servers and even shut down some 911 emergency lines.  But, as the second article points out, a bigger more devestating attack is planned and could really bring down the net for a few days.  Big deal, right?  That's what I thought...but it would actually cost the international economy BILLIONS and billions of dollars.  And besides, we couldn't post on the astralpulse!  

-----------------------------------------
Slammer VIRUS
January 27, 2003
Internet Recovering From Slammer Attack
By Sharon Gaudin
The Internet was recovering Monday from a virulent worm attack that slowed or halted Web traffic around the world this weekend.

The new worm, dubbed SQL Slammer, hit the Internet on Saturday, taking advantage of a known vulnerability in Microsoft Corp.'s SQL 2000 Web servers. The worm, which doesn't damage the infected machine or delete or change files, generates massive amounts of network packets, overloading servers and routers, slowing down network traffic -- sometimes bringing it to a complete stop under the weight of the attack.

F-Secure, an anti-virus company, reports that as many as 200,000 computers have been infected so far, and the worm brought down as many as five out of the 13 Internet root name servers.

The Slammer worm disrupted business around the world. Bank of America Corp. reported that customers were unable to withdraw money from its 13,000 ATM machines here in the United States. Finnish telephone service was down. And in South Korea, where three-quarters of the population have Internet access, services were shut down nationwide for hours on Saturday. Outages or slow downs were reported in Thailand, Japan, the Philippines, India and Malaysia.

But security analysts say network administrators stepped up to the plate around the world and kept the start of the business week from bringing on even more Slammer-related problems. Mikko Hypponen, manager of anti-virus research in F-Secure's Helsinki office, says administrators worked through the weekend installing the needed patch, which has been available for months.

Hypponen, speaking to Datamation at what was the end of the business day in Helsinki, says Europe experienced some network slowdowns today but they are definitely on the mend. Email was slow across a widespread area and Voice over IP telephone calls were hindered but the worst of the attack seems to be over.

"It's one of the smallest network worms we've ever seen," says Hypponen, who adds that initial signs point to the worm originating in China. "That's why it's so fast. It's only 376 bytes and that makes it so aggressive in spreading that it slows down network traffic."

Chris Wraight, a technology consultant with anti-virus company Sophos, explains that part of the reason the worm acts so aggressively is because of the indiscriminate way it attacks. Slammer spreads entirely in memory and affects the process space of SQL Server 2000 by exploiting a buffer overflow. That allows it to start running as part of SQL server itself and then the worm sends itself from SQL to as many other IP addresses as it can.

"It's not discriminating," says Wraight. "It probes everything. It causes a lot of traffic and runs as an infinite loop."

Security experts agree that while network traffic was slowed and some major businesses were affected around the world, it would have been much worse if the worm had carried a more damaging payload. Files weren't changed or deleted. That would have made the worm much more devastating.

But F-Secure's Hypponen says he suspects the "success" of the Slammer worm will lead to similar attacks in the future.

"We've never seen such a small worm spread so fast and cause so many problems," he says. "That means this could be the beginning of something. Now they see that making it small and making it fast really pays off."

White House
cyber-security chief resigns

Clarke cites 'worm' attack, warns Net remains at risk

ASSOCIATED PRESS


WASHINGTON, Jan. 31 —  Richard A. Clarke, President Bush's top cyber-security adviser, has resigned from his post and issued an ominous warning to colleagues about the destructive effects of future attacks on the Internet.    

'More sophisticated attacks against known vulnerabilities in cyberspace could be devastating.'
— RICHARD A. CLARKE
White House cyber-security adviser          CLARKE, IN AN e-mail sent overnight Thursday to colleagues, cited damage from the weekend's infection that struck hundreds of thousands of computers worldwide, slowing e-mail and Web surfing and even shutting down some banking systems. He called the attacking software "a dumb worm that was easily and cheaply made."
      "More sophisticated attacks against known vulnerabilities in cyberspace could be devastating," Clarke wrote. "As long as we have vulnerabilities in cyberspace and as long as America has enemies, we are at risk of the two coming together to severely damage our great country."
      A spokeswoman confirmed Clarke's e-mail as authentic. It was forwarded by the FBI's National Infrastructure Protection Center to operators of Internet early-warning centers.
      The Associated Press, citing people familiar with Clarke's plans, reported his decision to resign on Jan. 24. Clarke has spent 11 years in the White House across three administrations, and he was the president's counterterrorism coordinator at the time of the Sept. 11 terror attacks.
      Clarke has focused most recently on preventing disruptions to important computer networks from Internet attacks, compiling recommendations to improve security into a "National Strategy to Secure Cyberspace." In his e-mail, Clarke urged companies and government agencies to adopt these recommendations.  
Advertisement
 
 



        He said it was "essential to the health of the nation's economy and the security of the country."
      Clarke indicated he would seek a job in the private sector, after spending three decades inside the government. He worked at the Departments of Defense and State, then was hired at the White House.
      "I hope now to learn how to contribute to these issues as a private citizen," Clarke wrote.
     
      © 2003 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.